7251 matches found
CVE-2025-62612 FastGPT File Reading Node SSRF Vulnerability
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1...
EUVD-2025-35556
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery. This issue affects Captcha.eu: from n/a through <= 1.0.61...
CVE-2025-49374
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery. This issue affects Captcha.eu: from n/a through <= 1.0.61...
CVE-2025-49917
CVE-2025-49917 describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin Icegram Express Pro, specifically in the email-subscribers-premium component. Affected versions are Icegram Express Pro
CVE-2025-49374
The CVE describes a Server-Side Request Forgery (SSRF) in the WordPress Captcha.eu plugin, affecting versions up to 1.0.61 (reported as n/a through 1.0.61). Root cause: inadequate authentication to verify request origin, enabling an attacker to probe internal resources. Documented impact: SSRF; r...
CVE-2025-49374 WordPress Captcha.eu plugin <= 1.0.61 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery. This issue affects Captcha.eu: from n/a through <= 1.0.61...
CVE-2025-62763
Zimbra Collaboration ZCS before 10.1.12 allows SSRF because of the configuration of the chat proxy...
Rocket.Chat: SSRF via improper validation after DNS name resolution in the link-preview feature
The link-preview feature in Rocket.Chat version 7.11.0 did not properly validate the IP address after DNS resolution. This allowed an attacker to obtain a domain that pointed to an internal IP address, triggering SSRF and enabling access to internal hosts that would otherwise be unreachable...
PT-2025-43166
Name of the Vulnerable Software and Affected Versions: Captcha.eu versions n/a through 1.0.61. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Captcha.eu captcha-eu. This allows for Server Side Request Forgery. Recommendations: Update Captcha.eu to a version greater than 1.0.6...
WordPress Plugin Captcha.eu security vulnerability
WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with GDPR (General Data Protection Regulation). WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...
PT-2025-43183
Name of the Vulnerable Software and Affected Versions: Icegram Icegram Express Pro versions through 5.9.5. Description: A Server-Side Request Forgery (SSRF) issue exists in Icegram Icegram Express Pro email-subscribers-premium. This allows for Server Side Request Forgery. Recommendations: Update Icegra...
FastGPT code issue vulnerability
FastGPT is an open-source knowledge base question-and-answer system from labring, based on a large language model. A code issue vulnerability exists in FastGPT versions prior to 4.11.1, which stems from an unvalidated network link in the workflow file read node and could lead to a...
PT-2025-43407
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.11.1. Description: FastGPT is a platform for building AI Agents. Versions of FastGPT before 4.11.1 contain a Server-Side Request Forgery (SSRF) issue in the workflow file reading node. The system does not verify the...
EUVD-2025-35208
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice...
Server-side Request Forgery (SSRF)
Overview: shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the PDF generation process. An attacker can cause the server to send HTTP requests to internal or external resources by submitting specially crafted I...
Server-side Request Forgery (SSRF)
Overview: shopware/core is the Shopware platform core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the PDF generation process. An attacker can cause the server to send HTTP requests to internal or external...
GHSA-3CPP-FV95-MPR5 Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
Impact: This vulnerability allows malicious actors to force the application server to send HTTP requests to both external and internal servers. In certain cases, this may lead to access to internal resources such as databases, file systems, or other services that are not supposed to be directly...
Zimbra Collaboration code issue vulnerability
Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A code issue vulnerability exists in Zimbra Collaboration versions prior to 10.1.12, which stems from ...